---
title: The three way handshake
course: intro_pentest
section: Scanning
layout: lesson
---

When two machines on any given network want to communicate using TCP, they do so
by completing the three-way handshake. This process is very similar to a phone
conversation (at least before everyone had caller ID!). When you want to talk to
someone on the phone, you pick up the phone and dial the number, the receiver
picks up the ringing phone not knowing who the caller is and says “Hello?,” the
original caller then introduces himself by saying “Hi, this is John!” In
response to this, the original receiver will often acknowledge the caller by
saying “Oh, hi John!” At this point both people have enough information for the
conversation to continue as normal.

Computers work much the same way. When two computers want to talk, they go
through a similar process. The first computer connects to the second computer by
sending a SYN packet to a specified port number. If the second computer is
listening, it will respond with a SYN/ACK. When the first computer receives the
SYN/ACK, it replies with an ACK packet. At this point, the two machines can
communicate normally. In our phone example above, the original dialer is like
sending the SYN packet. The receiver picking up the phone and saying “Hello?” is
like the SYN/ACK packet and the original caller introducing himself is like the
ACK packet.
